Professional Website Security

About Alycia Mitchell

Alycia is the Digital Marketing Manager at Sucuri (@SucuriSecurity). She’s passionate about teaching cyber security best practices and fond of open-source, analytics, and malware. Follow her onTwitter at @artdecotech.

At Sucuri, our teams are skilled in website incident response and website protection using proactive DNS-based mitigation of web attacks. Our passion for this topic extends to every corner of our company. As the Digital Marketing Manager at Sucuri, I see firsthand the number of website owners who are caught off guard.

I also see how spammers can pollute your reports and distort your KPIs. For example, Google Analytics can be filled with referral spam and ghost referrers – totally invalidating your data. This is especially true for small business owners who are growing their following. That isn’t what I’m going to focus on in this post (but attend my free webinar this week if you want to learn more).

Careful Website Owners

Every website owner cares a lot about SEO, traffic and conversions. This involves building trust, relevance, and authority.

Often, website security is the most important factor they are overlooking.

Whether you are an ecommerce shop, business site, or blog owner, your audience wants to know that visiting your website isn’t going to infect their computer or compromise their personal information. Simply put, customers and readers will not return if they see a big red warning on your site, or get their bank account information stolen after making a purchase on your site.

The headaches involved with a website compromise are hard to overstate.

If you are not prepared to mitigate attacks – and deal with things like updates, backups, and server hardening – you should consider investing in a managed solution to take care of these concerns for you. The fields of security and marketing are “a mile wide, and a mile deep” (a quote from one of my colleagues on the firewall team).

What To Expect When You’re Infected

If your website is infected, here are a few common things that can happen. This is a very short list of some of the most common things I see our security research team blog about on blog.sucuri.net.

Google will blacklist your website with a giant red warning.

Your website can be defaced with hacker images and text.

Your search results could display a “This Site May Be Hacked” warning.

Ecommerce carts can be hijacked, stealing your sales.

Customer data can be collected by hackers who steal their credit card information.

Your SEO meta-data could be filled with spam keywords that show on SERPs.

Visitors can be redirected based on their device type.

Your pages can be filled with pharma spam keywords and links to illegal viagra sites.

Backdoors can be hidden all over your server, allowing attackers back in.

We also protect our clients from countless cases of seo spam, vulnerability exploitation, DDoS (distributed denial of service), and brute force attacks. The hackers of the world continue to find new ways to exploit server software and scan the internet for vulnerable sites. It’s all automated and sometimes it’s so easy that script kiddies are doing it.

Risk Management

If this scares you, that’s okay – it is scary stuff. If you don’t have a team in place to help you understand and manage these risks, then now is the time to think about it. Website security is not a DIY project, especially for those who do not have a security team in place.

Agencies and professional website management teams often take security into account. This is one of the things that you want to make sure is included with the other services they are providing. Don’t overlook security if you want to maintain your brand reputation and avoid losing customers to more proactive and responsible competitors.